Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22265 | 2 Google, Samsung | 2 Android, Exynos | 2025-10-30 | 4.6 MEDIUM | 5.0 MEDIUM |
|
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2023-21467 | 1 Samsung | 1 Exynos | 2025-09-08 | N/A | 4.6 MEDIUM |
|
Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.
|
|||||
| CVE-2023-21517 | 1 Samsung | 1 Exynos | 2024-11-21 | N/A | 8.8 HIGH |
|
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.
|
|||||
| CVE-2023-21503 | 1 Samsung | 2 Android, Exynos | 2024-11-21 | N/A | 5.6 MEDIUM |
|
Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
|
|||||
| CVE-2023-21494 | 1 Samsung | 2 Android, Exynos | 2024-11-21 | N/A | 5.6 MEDIUM |
|
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
|
|||||
| CVE-2023-21455 | 1 Samsung | 2 Exynos, Exynos Firmware | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.
|
|||||
| CVE-2022-39902 | 1 Samsung | 2 Exynos, Exynos Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call.
|
|||||
| CVE-2022-39901 | 1 Samsung | 2 Exynos, Exynos Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB.
|
|||||
| CVE-2022-39881 | 1 Samsung | 2 Exynos, Exynos Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory.
|
|||||
| CVE-2022-39854 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.
|
|||||
| CVE-2022-25821 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 3.6 LOW | 3.3 LOW |
|
Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.
|
|||||
| CVE-2022-25819 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
|
OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory.
|
|||||
| CVE-2022-23432 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2022-23431 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2022-23428 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
|
An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2022-23425 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
|
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.
|
|||||
| CVE-2021-25503 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
|
Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.
|
|||||
| CVE-2021-25491 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.
|
|||||
| CVE-2021-25488 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.
|
|||||
| CVE-2021-25481 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.
|
|||||
| CVE-2021-25479 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2021-25478 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2021-25476 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
|
An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.
|
|||||
| CVE-2021-25471 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
|
A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.
|
|||||
| CVE-2021-25470 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 3.6 LOW | 7.9 HIGH |
|
An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.
|
|||||
| CVE-2021-25469 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.0 MEDIUM |
|
A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.
|
|||||
| CVE-2021-25468 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.
|
|||||
| CVE-2021-25345 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.9 MEDIUM | 4.0 MEDIUM |
|
Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format.
|
|||||
| CVE-2021-22495 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021).
|
|||||
| CVE-2020-25054 | 1 Samsung | 1 Exynos | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239 (August 2020).
|
|||||
| CVE-2020-10835 | 1 Samsung | 1 Exynos | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 (February 2020).
|
|||||
| CVE-2019-20596 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019).
|
|||||
| CVE-2019-20572 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. load_kernel has a buffer overflow via untrusted data. The Samsung ID is SVE-2019-14939 (September 2019).
|
|||||
| CVE-2019-20558 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a Buffer Overflow in the Touch Screen Driver. The Samsung ID is SVE-2019-14990 (October 2019).
|
|||||
| CVE-2016-11028 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).
|
|||||